[BreachExchange] Beaumont Health says 112K patients were impacted by data breach

Destry Winant destry at riskbasedsecurity.com
Mon Apr 20 10:23:47 EDT 2020

Beaumont Health System said a data security incident happened
impacting 112,000 people where an unauthorized third-party accessed
some employee accounts containing patient information last year.

The emails that were accessed had personal information like name, date
of birth, diagnosis, diagnosis code, procedute, treatement location,
treatment type, prescription information, Beaumont patient account
number and medical record numbers.

"A limited number of individuals’ Social Security numbers, financial
account information, health insurance information, and driver's
license or state identification numbers were also contained in the
impacted email accounts," the release said. "This incident does not
affect all patients of Beaumont and not all of these identifiers were
included for each notified individual."

Beaumont, which alerted patients Friday, said it became aware on March
29 that the email accounts were accessed between May 23, 2019 to June
3, 2019.

The healthy system said the investigation did not reveal if any
information was taken by the third party, according to a release.

"Our investigation was unable to determine definitively if any
information was actually acquired by the unauthorized third party, and
Beaumont has no knowledge of any inappropriate or misuse of any data.
Beaumont’s electronic medical record system was not impacted by this
incident and remains secure. However, out of an abundance of caution,
we are issuing notices to anyone whose information may have been
contained in the accessed accounts."

For further questions or additional information regarding this
incident, or to determine if you may be impacted by this incident, a
dedicated toll-free response line has been set up at 888-921-0518. The
response line is available Monday through Friday, 9:00 a.m. to 6:30
p.m. Eastern Time.

The release continues to say, "Beaumont has taken steps to improve
internal procedures to identify and remediate future threats in order
to minimize the risk of a similar incident in the future, including
implementing additional technical safeguards and providing additional
training and education to Beaumont employees on identification and
handling of malicious emails. Notified patients should monitor
insurance statements for any transactions related to care or services
that have not actually been received."

More information about the BreachExchange mailing list